Reduce time spent on shared spreadsheets
How CyberGRX Works for Third Parties
Shared spreadsheets are eating up your valuable resources and providing limited value. CyberGRX assessments use a smart, skip level logic approach, so they automatically calibrate to your responses—removing any redundant or irrelevant questions. And, once your assessment is complete, you can use The CyberGRX Exchange to proactively share it with any upstream partner you choose. Complete one assessment, share with many.
Complete a Tier 1, 2 or 3 CyberGRX Assessment
Receive a detailed roadmap for improving your security
Follow CyberGRX's remediation strategies
Share with your upstream business partners
Never complete another spreadsheet again
Why you should break up with your current process
New regulations and increased scrutiny on third-party risk management
57% of companies don’t know if a third parties’ policy would prevent a data breach
Benefits for Third Parties
The CyberGRX Exchange and our risk assessments as-a-service help Enterprises and Third Parties cost-effectively identify, prioritize and mitigate risk.
CyberGRX is a force multiplier for our third-party cyber risk management program. In just the first year we will be able to assess 5x more vendors than we assessed last year and reallocate the resources saved to true risk management and mitigation efforts.
Frequently Asked Questions
How much does this cost?
For the ordering customers, there are two elements to the cost model: an annual platform access fee and a per-assessment fee that varies according to tier of service. Platform access fees are paid annually; funds put into your CyberGRX account to cover assessment fees are evergreen. Once an assessment is ordered and delivered, customers receive access to that assessment and updates for a 12-month period.
How long does it take to complete an assessment?
Average timeframes to complete an assessment are as follows: ~40 days for Tier 1, ~10 days for Tier 2, and ~7 days for Tier 3. Our customer success team does an outstanding job helping third parties complete their assessments in a timely manner with training, support and coaching. That being said, average timeframes can vary depending on the unique situation.
If I post my assessment to the exchange, will anyone be able to see my data?
No. You are in control of your data. Once you have completed an assessment, that data will only be shared on an individual basis, pending your approval for each case. If you never want to share your assessment, no one will see your assessment results. However, we do let exchange customers know of the presence of an assessment in the exchange for your organization. This facilitates the ordering process by letting them know that an assessment is available.
What if I’m not satisfied with my assessment after it is completed, do I have to share it?
No, you don’t. Once you have completed an assessment, that data will only be shared on an individual basis, pending your approval for each customer. If you do not share an assessment that is ordered, however, you will most likely be required to fulfill the assessment obligation in some other way. Whereas, once you’ve completed a CyberGRX assessment, the CyberGRX platform allows you to continuously update your assessment and share with multiple customers, reducing time spent on filling in various assessment requests.
Can I provide additional materials with my assessment? SIG? SOC ll? Comments?
We allow for comments on the Tier 1 assessment. As part of our evidence validation process we do consider and accept a review of other materials such as a SIG or SOC II assessment. However, we only collect metadata on those documents (Title, date published / updated, etc.) and do not maintain a copy of the documents in our Platform. Allowing for additional attachments is under consideration. You are also welcomed to share any certification documents out of band with your customer, but the platform does not currently facilitate this sharing.